In 2012 Symantec performed more than 1,400 website vulnerability scans each day. More than half the websites scanned were found to have unpatched, potentially exploitable vulnerabilities. Of the vulnerable sites, a quarter were actually infected with malware that could infect visitors and lead to the sites being blacklisted by search engines. These figures show that millions of legitimate websites are at risk from serious attack and exploitation by internet criminals every day.
And yet, a third of companies surveyed by Symantec in ‘The Vulnerability Knowledge Gap', said that they assume their websites are very secure even though they didn't actually scan their sites for vulnerabilities or infections.